<!DOCTYPE HTML>

<html lang="en">
<head>

<title>HeadersConfigurer (spring-security-docs 5.6.3 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="../../../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
    try {
        if (location.href.indexOf('is-external=true') == -1) {
            parent.document.title="HeadersConfigurer (spring-security-docs 5.6.3 API)";
        }
    }
    catch(err) {
    }
//-->
var data = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":42,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":10,"i16":10,"i17":10,"i18":10,"i19":10,"i20":10,"i21":10,"i22":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"],32:["t6","Deprecated Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">

<div class="topNav"><a id="navbar.top">

</a>
<div class="skipNav"><a href="HeadersConfigurer.html#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_top");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li><a href="HeadersConfigurer.html#nested.class.summary">Nested</a>&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="HeadersConfigurer.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="HeadersConfigurer.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="HeadersConfigurer.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="HeadersConfigurer.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">

</a></div>

</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>

<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.springframework.security.config.annotation.web.configurers</a></div>
<h2 title="Class HeadersConfigurer" class="title">Class HeadersConfigurer&lt;H extends <a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;H&gt;&gt;</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li>java.lang.Object</li>
<li>
<ul class="inheritance">
<li><a href="../../SecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation">org.springframework.security.config.annotation.SecurityConfigurerAdapter</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>,&#8203;B&gt;</li>
<li>
<ul class="inheritance">
<li><a href="AbstractHttpConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;H&gt;,&#8203;H&gt;</li>
<li>
<ul class="inheritance">
<li>org.springframework.security.config.annotation.web.configurers.HeadersConfigurer&lt;H&gt;</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><code><a href="../../SecurityConfigurer.html" title="interface in org.springframework.security.config.annotation">SecurityConfigurer</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>,&#8203;H&gt;</code></dd>
</dl>
<hr>
<pre>public class <span class="typeNameLabel">HeadersConfigurer&lt;H extends <a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;H&gt;&gt;</span>
extends <a href="AbstractHttpConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">AbstractHttpConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;H&gt;,&#8203;H&gt;</pre>
<div class="block"><p>
Adds the Security HTTP headers to the response. Security HTTP headers is activated by
default when using <a href="../configuration/WebSecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation.web.configuration"><code>WebSecurityConfigurerAdapter</code></a>'s default constructor.
</p>
<p>
The default headers include are:
</p>
<pre> Cache-Control: no-cache, no-store, max-age=0, must-revalidate
 Pragma: no-cache
 Expires: 0
 X-Content-Type-Options: nosniff
 Strict-Transport-Security: max-age=31536000 ; includeSubDomains
 X-Frame-Options: DENY
 X-XSS-Protection: 1; mode=block
 </pre></div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>3.2</dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="nested.class.summary">

</a>
<h3>Nested Class Summary</h3>
<table class="memberSummary">
<caption><span>Nested Classes</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Class</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.CacheControlConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.CacheControlConfig</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.ContentSecurityPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ContentSecurityPolicyConfig</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.ContentTypeOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ContentTypeOptionsConfig</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.FeaturePolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.FeaturePolicyConfig</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.FrameOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.FrameOptionsConfig</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.HpkpConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.HpkpConfig</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.HstsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.HstsConfig</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.PermissionsPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.PermissionsPolicyConfig</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.ReferrerPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ReferrerPolicyConfig</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>class&nbsp;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.XXssConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.XXssConfig</a></span></code></th>
<td class="colLast">&nbsp;</td>
</tr>
</table>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">

</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#%3Cinit%3E()">HeadersConfigurer</a></span>()</code></th>
<td class="colLast">
<div class="block">Creates a new instance</div>
</td>
</tr>
</table>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">

</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t6" class="tableTab"><span><a href="javascript:show(32);">Deprecated Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#addHeaderWriter(org.springframework.security.web.header.HeaderWriter)">addHeaderWriter</a></span>&#8203;(<a href="../../../../web/header/HeaderWriter.html" title="interface in org.springframework.security.web.header">HeaderWriter</a>&nbsp;headerWriter)</code></th>
<td class="colLast">
<div class="block">Adds a <a href="../../../../web/header/HeaderWriter.html" title="interface in org.springframework.security.web.header"><code>HeaderWriter</code></a> instance</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code><a href="HeadersConfigurer.CacheControlConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.CacheControlConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#cacheControl()">cacheControl</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows customizing the <a href="../../../../web/header/writers/CacheControlHeadersWriter.html" title="class in org.springframework.security.web.header.writers"><code>CacheControlHeadersWriter</code></a>.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#cacheControl(org.springframework.security.config.Customizer)">cacheControl</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.CacheControlConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.CacheControlConfig</a>&gt;&nbsp;cacheControlCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows customizing the <a href="../../../../web/header/writers/CacheControlHeadersWriter.html" title="class in org.springframework.security.web.header.writers"><code>CacheControlHeadersWriter</code></a>.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#configure(H)">configure</a></span>&#8203;(<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&nbsp;http)</code></th>
<td class="colLast">
<div class="block">Configure the <a href="../../SecurityBuilder.html" title="interface in org.springframework.security.config.annotation"><code>SecurityBuilder</code></a> by setting the necessary properties on the
<a href="../../SecurityBuilder.html" title="interface in org.springframework.security.config.annotation"><code>SecurityBuilder</code></a>.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.ContentSecurityPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ContentSecurityPolicyConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#contentSecurityPolicy(java.lang.String)">contentSecurityPolicy</a></span>&#8203;(java.lang.String&nbsp;policyDirectives)</code></th>
<td class="colLast">
<div class="block">
Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
Policy (CSP) Level 2</a>.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code><a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#contentSecurityPolicy(org.springframework.security.config.Customizer)">contentSecurityPolicy</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.ContentSecurityPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ContentSecurityPolicyConfig</a>&gt;&nbsp;contentSecurityCustomizer)</code></th>
<td class="colLast">
<div class="block">
Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
Policy (CSP) Level 2</a>.</div>
</td>
</tr>
<tr id="i6" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.ContentTypeOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ContentTypeOptionsConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#contentTypeOptions()">contentTypeOptions</a></span>()</code></th>
<td class="colLast">
<div class="block">Configures the <a href="../../../../web/header/writers/XContentTypeOptionsHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>XContentTypeOptionsHeaderWriter</code></a> which inserts the
<a href="https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx">X-Content-Type-Options</a>:</div>
</td>
</tr>
<tr id="i7" class="rowColor">
<td class="colFirst"><code><a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#contentTypeOptions(org.springframework.security.config.Customizer)">contentTypeOptions</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.ContentTypeOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ContentTypeOptionsConfig</a>&gt;&nbsp;contentTypeOptionsCustomizer)</code></th>
<td class="colLast">
<div class="block">Configures the <a href="../../../../web/header/writers/XContentTypeOptionsHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>XContentTypeOptionsHeaderWriter</code></a> which inserts the
<a href="https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx">X-Content-Type-Options</a>:</div>
</td>
</tr>
<tr id="i8" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#defaultsDisabled()">defaultsDisabled</a></span>()</code></th>
<td class="colLast">
<div class="block">Clears all of the default headers from the response.</div>
</td>
</tr>
<tr id="i9" class="rowColor">
<td class="colFirst"><code><a href="HeadersConfigurer.FeaturePolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.FeaturePolicyConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#featurePolicy(java.lang.String)">featurePolicy</a></span>&#8203;(java.lang.String&nbsp;policyDirectives)</code></th>
<td class="colLast">
<div class="block"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">Use <a href="HeadersConfigurer.html#permissionsPolicy(org.springframework.security.config.Customizer)"><code>permissionsPolicy(Customizer)</code></a> instead.</div>
</div>
</td>
</tr>
<tr id="i10" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.FrameOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.FrameOptionsConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#frameOptions()">frameOptions</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows customizing the <a href="../../../../web/header/writers/frameoptions/XFrameOptionsHeaderWriter.html" title="class in org.springframework.security.web.header.writers.frameoptions"><code>XFrameOptionsHeaderWriter</code></a>.</div>
</td>
</tr>
<tr id="i11" class="rowColor">
<td class="colFirst"><code><a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#frameOptions(org.springframework.security.config.Customizer)">frameOptions</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.FrameOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.FrameOptionsConfig</a>&gt;&nbsp;frameOptionsCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows customizing the <a href="../../../../web/header/writers/frameoptions/XFrameOptionsHeaderWriter.html" title="class in org.springframework.security.web.header.writers.frameoptions"><code>XFrameOptionsHeaderWriter</code></a>.</div>
</td>
</tr>
<tr id="i12" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.HpkpConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.HpkpConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#httpPublicKeyPinning()">httpPublicKeyPinning</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows customizing the <a href="../../../../web/header/writers/HpkpHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>HpkpHeaderWriter</code></a> which provides support for
<a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.</div>
</td>
</tr>
<tr id="i13" class="rowColor">
<td class="colFirst"><code><a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#httpPublicKeyPinning(org.springframework.security.config.Customizer)">httpPublicKeyPinning</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.HpkpConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.HpkpConfig</a>&gt;&nbsp;hpkpCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows customizing the <a href="../../../../web/header/writers/HpkpHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>HpkpHeaderWriter</code></a> which provides support for
<a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.</div>
</td>
</tr>
<tr id="i14" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.HstsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.HstsConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#httpStrictTransportSecurity()">httpStrictTransportSecurity</a></span>()</code></th>
<td class="colLast">
<div class="block">Allows customizing the <a href="../../../../web/header/writers/HstsHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>HstsHeaderWriter</code></a> which provides support for
<a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
(HSTS)</a>.</div>
</td>
</tr>
<tr id="i15" class="rowColor">
<td class="colFirst"><code><a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#httpStrictTransportSecurity(org.springframework.security.config.Customizer)">httpStrictTransportSecurity</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.HstsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.HstsConfig</a>&gt;&nbsp;hstsCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows customizing the <a href="../../../../web/header/writers/HstsHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>HstsHeaderWriter</code></a> which provides support for
<a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
(HSTS)</a>.</div>
</td>
</tr>
<tr id="i16" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.PermissionsPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.PermissionsPolicyConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#permissionsPolicy()">permissionsPolicy</a></span>()</code></th>
<td class="colLast">
<div class="block">
Allows configuration for
<a href="https://w3c.github.io/webappsec-permissions-policy/">Permissions
Policy</a>.</div>
</td>
</tr>
<tr id="i17" class="rowColor">
<td class="colFirst"><code><a href="HeadersConfigurer.PermissionsPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.PermissionsPolicyConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#permissionsPolicy(org.springframework.security.config.Customizer)">permissionsPolicy</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.PermissionsPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.PermissionsPolicyConfig</a>&gt;&nbsp;permissionsPolicyCustomizer)</code></th>
<td class="colLast">
<div class="block">Allows configuration for
<a href="https://w3c.github.io/webappsec-permissions-policy/"> Permissions
Policy</a>.</div>
</td>
</tr>
<tr id="i18" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.ReferrerPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ReferrerPolicyConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#referrerPolicy()">referrerPolicy</a></span>()</code></th>
<td class="colLast">
<div class="block">
Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
Policy</a>.</div>
</td>
</tr>
<tr id="i19" class="rowColor">
<td class="colFirst"><code><a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#referrerPolicy(org.springframework.security.config.Customizer)">referrerPolicy</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.ReferrerPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ReferrerPolicyConfig</a>&gt;&nbsp;referrerPolicyCustomizer)</code></th>
<td class="colLast">
<div class="block">
Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
Policy</a>.</div>
</td>
</tr>
<tr id="i20" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.ReferrerPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ReferrerPolicyConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#referrerPolicy(org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy)">referrerPolicy</a></span>&#8203;(<a href="../../../../web/header/writers/ReferrerPolicyHeaderWriter.ReferrerPolicy.html" title="enum in org.springframework.security.web.header.writers">ReferrerPolicyHeaderWriter.ReferrerPolicy</a>&nbsp;policy)</code></th>
<td class="colLast">
<div class="block">
Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
Policy</a>.</div>
</td>
</tr>
<tr id="i21" class="rowColor">
<td class="colFirst"><code><a href="HeadersConfigurer.XXssConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.XXssConfig</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#xssProtection()">xssProtection</a></span>()</code></th>
<td class="colLast">
<div class="block"><strong>Note this is not comprehensive XSS protection!</strong></div>
</td>
</tr>
<tr id="i22" class="altColor">
<td class="colFirst"><code><a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="HeadersConfigurer.html#xssProtection(org.springframework.security.config.Customizer)">xssProtection</a></span>&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.XXssConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.XXssConfig</a>&gt;&nbsp;xssCustomizer)</code></th>
<td class="colLast">
<div class="block"><strong>Note this is not comprehensive XSS protection!</strong></div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer">

</a>
<h3>Methods inherited from class&nbsp;org.springframework.security.config.annotation.web.configurers.<a href="AbstractHttpConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">AbstractHttpConfigurer</a></h3>
<code><a href="AbstractHttpConfigurer.html#disable()">disable</a>, <a href="AbstractHttpConfigurer.html#withObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor)">withObjectPostProcessor</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.springframework.security.config.annotation.SecurityConfigurerAdapter">

</a>
<h3>Methods inherited from class&nbsp;org.springframework.security.config.annotation.<a href="../../SecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation">SecurityConfigurerAdapter</a></h3>
<code><a href="../../SecurityConfigurerAdapter.html#addObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor)">addObjectPostProcessor</a>, <a href="../../SecurityConfigurerAdapter.html#and()">and</a>, <a href="../../SecurityConfigurerAdapter.html#getBuilder()">getBuilder</a>, <a href="../../SecurityConfigurerAdapter.html#init(B)">init</a>, <a href="../../SecurityConfigurerAdapter.html#postProcess(T)">postProcess</a>, <a href="../../SecurityConfigurerAdapter.html#setBuilder(B)">setBuilder</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">

</a>
<h3>Methods inherited from class&nbsp;java.lang.Object</h3>
<code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">

</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;()">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>HeadersConfigurer</h4>
<pre>public&nbsp;HeadersConfigurer()</pre>
<div class="block">Creates a new instance</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../builders/HttpSecurity.html#headers()"><code>HttpSecurity.headers()</code></a></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">

</a>
<h3>Method Detail</h3>
<a id="addHeaderWriter(org.springframework.security.web.header.HeaderWriter)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>addHeaderWriter</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&nbsp;addHeaderWriter&#8203;(<a href="../../../../web/header/HeaderWriter.html" title="interface in org.springframework.security.web.header">HeaderWriter</a>&nbsp;headerWriter)</pre>
<div class="block">Adds a <a href="../../../../web/header/HeaderWriter.html" title="interface in org.springframework.security.web.header"><code>HeaderWriter</code></a> instance</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>headerWriter</code> - the <a href="../../../../web/header/HeaderWriter.html" title="interface in org.springframework.security.web.header"><code>HeaderWriter</code></a> instance to add</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="contentTypeOptions()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>contentTypeOptions</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.ContentTypeOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ContentTypeOptionsConfig</a>&nbsp;contentTypeOptions()</pre>
<div class="block">Configures the <a href="../../../../web/header/writers/XContentTypeOptionsHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>XContentTypeOptionsHeaderWriter</code></a> which inserts the
<a href="https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx">X-Content-Type-Options</a>:
<pre> X-Content-Type-Options: nosniff
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.ContentTypeOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.ContentTypeOptionsConfig</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="contentTypeOptions(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>contentTypeOptions</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&nbsp;contentTypeOptions&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.ContentTypeOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ContentTypeOptionsConfig</a>&gt;&nbsp;contentTypeOptionsCustomizer)</pre>
<div class="block">Configures the <a href="../../../../web/header/writers/XContentTypeOptionsHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>XContentTypeOptionsHeaderWriter</code></a> which inserts the
<a href="https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx">X-Content-Type-Options</a>:
<pre> X-Content-Type-Options: nosniff
 </pre></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>contentTypeOptionsCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options
for the <a href="HeadersConfigurer.ContentTypeOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.ContentTypeOptionsConfig</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="xssProtection()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>xssProtection</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.XXssConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.XXssConfig</a>&nbsp;xssProtection()</pre>
<div class="block"><strong>Note this is not comprehensive XSS protection!</strong>
<p>
Allows customizing the <a href="../../../../web/header/writers/XXssProtectionHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>XXssProtectionHeaderWriter</code></a> which adds the <a href="https://web.archive.org/web/20160201174302/https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx">X-XSS-Protection header</a>
</p></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.XXssConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.XXssConfig</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="xssProtection(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>xssProtection</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&nbsp;xssProtection&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.XXssConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.XXssConfig</a>&gt;&nbsp;xssCustomizer)</pre>
<div class="block"><strong>Note this is not comprehensive XSS protection!</strong>
<p>
Allows customizing the <a href="../../../../web/header/writers/XXssProtectionHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>XXssProtectionHeaderWriter</code></a> which adds the <a href="https://web.archive.org/web/20160201174302/https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx">X-XSS-Protection header</a>
</p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>xssCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="HeadersConfigurer.XXssConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.XXssConfig</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="cacheControl()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>cacheControl</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.CacheControlConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.CacheControlConfig</a>&nbsp;cacheControl()</pre>
<div class="block">Allows customizing the <a href="../../../../web/header/writers/CacheControlHeadersWriter.html" title="class in org.springframework.security.web.header.writers"><code>CacheControlHeadersWriter</code></a>. Specifically it adds the
following headers:
<ul>
<li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
<li>Pragma: no-cache</li>
<li>Expires: 0</li>
</ul></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.CacheControlConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.CacheControlConfig</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="cacheControl(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>cacheControl</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&nbsp;cacheControl&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.CacheControlConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.CacheControlConfig</a>&gt;&nbsp;cacheControlCustomizer)</pre>
<div class="block">Allows customizing the <a href="../../../../web/header/writers/CacheControlHeadersWriter.html" title="class in org.springframework.security.web.header.writers"><code>CacheControlHeadersWriter</code></a>. Specifically it adds the
following headers:
<ul>
<li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
<li>Pragma: no-cache</li>
<li>Expires: 0</li>
</ul></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>cacheControlCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="HeadersConfigurer.CacheControlConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.CacheControlConfig</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="httpStrictTransportSecurity()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>httpStrictTransportSecurity</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.HstsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.HstsConfig</a>&nbsp;httpStrictTransportSecurity()</pre>
<div class="block">Allows customizing the <a href="../../../../web/header/writers/HstsHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>HstsHeaderWriter</code></a> which provides support for
<a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
(HSTS)</a>.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.HstsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.HstsConfig</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="httpStrictTransportSecurity(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>httpStrictTransportSecurity</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&nbsp;httpStrictTransportSecurity&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.HstsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.HstsConfig</a>&gt;&nbsp;hstsCustomizer)</pre>
<div class="block">Allows customizing the <a href="../../../../web/header/writers/HstsHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>HstsHeaderWriter</code></a> which provides support for
<a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
(HSTS)</a>.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>hstsCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="HeadersConfigurer.HstsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.HstsConfig</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="frameOptions()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>frameOptions</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.FrameOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.FrameOptionsConfig</a>&nbsp;frameOptions()</pre>
<div class="block">Allows customizing the <a href="../../../../web/header/writers/frameoptions/XFrameOptionsHeaderWriter.html" title="class in org.springframework.security.web.header.writers.frameoptions"><code>XFrameOptionsHeaderWriter</code></a>.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.FrameOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.FrameOptionsConfig</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="frameOptions(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>frameOptions</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&nbsp;frameOptions&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.FrameOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.FrameOptionsConfig</a>&gt;&nbsp;frameOptionsCustomizer)</pre>
<div class="block">Allows customizing the <a href="../../../../web/header/writers/frameoptions/XFrameOptionsHeaderWriter.html" title="class in org.springframework.security.web.header.writers.frameoptions"><code>XFrameOptionsHeaderWriter</code></a>.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>frameOptionsCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="HeadersConfigurer.FrameOptionsConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.FrameOptionsConfig</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="httpPublicKeyPinning()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>httpPublicKeyPinning</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.HpkpConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.HpkpConfig</a>&nbsp;httpPublicKeyPinning()</pre>
<div class="block">Allows customizing the <a href="../../../../web/header/writers/HpkpHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>HpkpHeaderWriter</code></a> which provides support for
<a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.HpkpConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.HpkpConfig</code></a> for additional customizations</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>4.1</dd>
</dl>
</li>
</ul>
<a id="httpPublicKeyPinning(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>httpPublicKeyPinning</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&nbsp;httpPublicKeyPinning&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.HpkpConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.HpkpConfig</a>&gt;&nbsp;hpkpCustomizer)</pre>
<div class="block">Allows customizing the <a href="../../../../web/header/writers/HpkpHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>HpkpHeaderWriter</code></a> which provides support for
<a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>hpkpCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for the
<a href="HeadersConfigurer.HpkpConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.HpkpConfig</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for additional customizations</dd>
</dl>
</li>
</ul>
<a id="contentSecurityPolicy(java.lang.String)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>contentSecurityPolicy</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.ContentSecurityPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ContentSecurityPolicyConfig</a>&nbsp;contentSecurityPolicy&#8203;(java.lang.String&nbsp;policyDirectives)</pre>
<div class="block"><p>
Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
Policy (CSP) Level 2</a>.
</p>
<p>
Calling this method automatically enables (includes) the Content-Security-Policy
header in the response using the supplied security policy directive(s).
</p>
<p>
Configuration is provided to the <a href="../../../../web/header/writers/ContentSecurityPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>ContentSecurityPolicyHeaderWriter</code></a> which
supports the writing of the two headers as detailed in the W3C Candidate
Recommendation:
</p>
<ul>
<li>Content-Security-Policy</li>
<li>Content-Security-Policy-Report-Only</li>
</ul></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.ContentSecurityPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.ContentSecurityPolicyConfig</code></a> for additional configuration</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.IllegalArgumentException</code> - if policyDirectives is null or empty</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>4.1</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../web/header/writers/ContentSecurityPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>ContentSecurityPolicyHeaderWriter</code></a></dd>
</dl>
</li>
</ul>
<a id="contentSecurityPolicy(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>contentSecurityPolicy</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&nbsp;contentSecurityPolicy&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.ContentSecurityPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ContentSecurityPolicyConfig</a>&gt;&nbsp;contentSecurityCustomizer)</pre>
<div class="block"><p>
Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
Policy (CSP) Level 2</a>.
</p>
<p>
Calling this method automatically enables (includes) the Content-Security-Policy
header in the response using the supplied security policy directive(s).
</p>
<p>
Configuration is provided to the <a href="../../../../web/header/writers/ContentSecurityPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>ContentSecurityPolicyHeaderWriter</code></a> which
supports the writing of the two headers as detailed in the W3C Candidate
Recommendation:
</p>
<ul>
<li>Content-Security-Policy</li>
<li>Content-Security-Policy-Report-Only</li>
</ul></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>contentSecurityCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="HeadersConfigurer.ContentSecurityPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.ContentSecurityPolicyConfig</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for additional customizations</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../web/header/writers/ContentSecurityPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>ContentSecurityPolicyHeaderWriter</code></a></dd>
</dl>
</li>
</ul>
<a id="defaultsDisabled()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>defaultsDisabled</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&nbsp;defaultsDisabled()</pre>
<div class="block">Clears all of the default headers from the response. After doing so, one can add
headers back. For example, if you only want to use Spring Security's cache control
you can use the following:
<pre> http.headers().defaultsDisabled().cacheControl();
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for additional customization</dd>
</dl>
</li>
</ul>
<a id="configure(org.springframework.security.config.annotation.web.HttpSecurityBuilder)">

</a><a id="configure(H)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>configure</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;configure&#8203;(<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&nbsp;http)</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../../SecurityConfigurer.html#configure(B)">SecurityConfigurer</a></code></span></div>
<div class="block">Configure the <a href="../../SecurityBuilder.html" title="interface in org.springframework.security.config.annotation"><code>SecurityBuilder</code></a> by setting the necessary properties on the
<a href="../../SecurityBuilder.html" title="interface in org.springframework.security.config.annotation"><code>SecurityBuilder</code></a>.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../SecurityConfigurer.html#configure(B)">configure</a></code>&nbsp;in interface&nbsp;<code><a href="../../SecurityConfigurer.html" title="interface in org.springframework.security.config.annotation">SecurityConfigurer</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>,&#8203;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a> extends <a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&gt;</code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="../../SecurityConfigurerAdapter.html#configure(B)">configure</a></code>&nbsp;in class&nbsp;<code><a href="../../SecurityConfigurerAdapter.html" title="class in org.springframework.security.config.annotation">SecurityConfigurerAdapter</a>&lt;<a href="../../../../web/DefaultSecurityFilterChain.html" title="class in org.springframework.security.web">DefaultSecurityFilterChain</a>,&#8203;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a> extends <a href="../HttpSecurityBuilder.html" title="interface in org.springframework.security.config.annotation.web">HttpSecurityBuilder</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&gt;</code></dd>
</dl>
</li>
</ul>
<a id="referrerPolicy()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>referrerPolicy</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.ReferrerPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ReferrerPolicyConfig</a>&nbsp;referrerPolicy()</pre>
<div class="block"><p>
Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
Policy</a>.
</p>
<p>
Configuration is provided to the <a href="../../../../web/header/writers/ReferrerPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>ReferrerPolicyHeaderWriter</code></a> which support
the writing of the header as detailed in the W3C Technical Report:
</p>
<ul>
<li>Referrer-Policy</li>
</ul>
<p>
Default value is:
</p>
<pre> Referrer-Policy: no-referrer
 </pre></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.ReferrerPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.ReferrerPolicyConfig</code></a> for additional configuration</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>4.2</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../web/header/writers/ReferrerPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>ReferrerPolicyHeaderWriter</code></a></dd>
</dl>
</li>
</ul>
<a id="referrerPolicy(org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>referrerPolicy</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.ReferrerPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ReferrerPolicyConfig</a>&nbsp;referrerPolicy&#8203;(<a href="../../../../web/header/writers/ReferrerPolicyHeaderWriter.ReferrerPolicy.html" title="enum in org.springframework.security.web.header.writers">ReferrerPolicyHeaderWriter.ReferrerPolicy</a>&nbsp;policy)</pre>
<div class="block"><p>
Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
Policy</a>.
</p>
<p>
Configuration is provided to the <a href="../../../../web/header/writers/ReferrerPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>ReferrerPolicyHeaderWriter</code></a> which support
the writing of the header as detailed in the W3C Technical Report:
</p>
<ul>
<li>Referrer-Policy</li>
</ul></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.ReferrerPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.ReferrerPolicyConfig</code></a> for additional configuration</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.IllegalArgumentException</code> - if policy is null or empty</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>4.2</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../web/header/writers/ReferrerPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>ReferrerPolicyHeaderWriter</code></a></dd>
</dl>
</li>
</ul>
<a id="referrerPolicy(org.springframework.security.config.Customizer)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>referrerPolicy</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer</a>&lt;<a href="HeadersConfigurer.html" title="type parameter in HeadersConfigurer">H</a>&gt;&nbsp;referrerPolicy&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.ReferrerPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.ReferrerPolicyConfig</a>&gt;&nbsp;referrerPolicyCustomizer)</pre>
<div class="block"><p>
Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
Policy</a>.
</p>
<p>
Configuration is provided to the <a href="../../../../web/header/writers/ReferrerPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>ReferrerPolicyHeaderWriter</code></a> which support
the writing of the header as detailed in the W3C Technical Report:
</p>
<ul>
<li>Referrer-Policy</li>
</ul></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>referrerPolicyCustomizer</code> - the <a href="../../../Customizer.html" title="interface in org.springframework.security.config"><code>Customizer</code></a> to provide more options for
the <a href="HeadersConfigurer.ReferrerPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.ReferrerPolicyConfig</code></a></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer</code></a> for additional customizations</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../web/header/writers/ReferrerPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>ReferrerPolicyHeaderWriter</code></a></dd>
</dl>
</li>
</ul>
<a id="featurePolicy(java.lang.String)">

</a>
<ul class="blockList">
<li class="blockList">
<h4>featurePolicy</h4>
<pre class="methodSignature">@Deprecated
public&nbsp;<a href="HeadersConfigurer.FeaturePolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.FeaturePolicyConfig</a>&nbsp;featurePolicy&#8203;(java.lang.String&nbsp;policyDirectives)</pre>
<div class="deprecationBlock"><span class="deprecatedLabel">Deprecated.</span>
<div class="deprecationComment">Use <a href="HeadersConfigurer.html#permissionsPolicy(org.springframework.security.config.Customizer)"><code>permissionsPolicy(Customizer)</code></a> instead.</div>
</div>
<div class="block">Allows configuration for <a href="https://wicg.github.io/feature-policy/">Feature
Policy</a>.
<p>
Calling this method automatically enables (includes) the <code>Feature-Policy</code>
header in the response using the supplied policy directive(s).
<p>
Configuration is provided to the <a href="../../../../web/header/writers/FeaturePolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>FeaturePolicyHeaderWriter</code></a> which is
responsible for writing the header.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.FeaturePolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.FeaturePolicyConfig</code></a> for additional configuration</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.IllegalArgumentException</code> - if policyDirectives is <code>null</code> or empty</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.1</dd>
</dl>
</li>
</ul>
<a id="permissionsPolicy()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>permissionsPolicy</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.PermissionsPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.PermissionsPolicyConfig</a>&nbsp;permissionsPolicy()</pre>
<div class="block"><p>
Allows configuration for
<a href="https://w3c.github.io/webappsec-permissions-policy/">Permissions
Policy</a>.
</p>

<p>
Configuration is provided to the <a href="../../../../web/header/writers/PermissionsPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>PermissionsPolicyHeaderWriter</code></a> which
support the writing of the header as detailed in the W3C Technical Report:
</p>
<ul>
<li>Permissions-Policy</li>
</ul></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.PermissionsPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.PermissionsPolicyConfig</code></a> for additional configuration</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.5</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../web/header/writers/PermissionsPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>PermissionsPolicyHeaderWriter</code></a></dd>
</dl>
</li>
</ul>
<a id="permissionsPolicy(org.springframework.security.config.Customizer)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>permissionsPolicy</h4>
<pre class="methodSignature">public&nbsp;<a href="HeadersConfigurer.PermissionsPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.PermissionsPolicyConfig</a>&nbsp;permissionsPolicy&#8203;(<a href="../../../Customizer.html" title="interface in org.springframework.security.config">Customizer</a>&lt;<a href="HeadersConfigurer.PermissionsPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers">HeadersConfigurer.PermissionsPolicyConfig</a>&gt;&nbsp;permissionsPolicyCustomizer)</pre>
<div class="block">Allows configuration for
<a href="https://w3c.github.io/webappsec-permissions-policy/"> Permissions
Policy</a>.
<p>
Calling this method automatically enables (includes) the <code>Permissions-Policy</code>
header in the response using the supplied policy directive(s).
<p>
Configuration is provided to the <a href="../../../../web/header/writers/PermissionsPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>PermissionsPolicyHeaderWriter</code></a> which is
responsible for writing the header.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <a href="HeadersConfigurer.PermissionsPolicyConfig.html" title="class in org.springframework.security.config.annotation.web.configurers"><code>HeadersConfigurer.PermissionsPolicyConfig</code></a> for additional configuration</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.IllegalArgumentException</code> - if policyDirectives is <code>null</code> or empty</dd>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>5.5</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../web/header/writers/PermissionsPolicyHeaderWriter.html" title="class in org.springframework.security.web.header.writers"><code>PermissionsPolicyHeaderWriter</code></a></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>

<footer role="contentinfo">
<nav role="navigation">

<div class="bottomNav"><a id="navbar.bottom">

</a>
<div class="skipNav"><a href="HeadersConfigurer.html#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_bottom");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li><a href="HeadersConfigurer.html#nested.class.summary">Nested</a>&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="HeadersConfigurer.html#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="HeadersConfigurer.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="HeadersConfigurer.html#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="HeadersConfigurer.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">

</a></div>

</nav>
</footer>
<script>if (window.parent == window) {(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-2728886-23', 'auto', {'siteSpeedSampleRate': 100});ga('send', 'pageview');}</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"7040ecbb784697cf","token":"bffcb8a918ae4755926f76178bfbd26b","version":"2021.12.0","si":100}' crossorigin="anonymous"></script>
</body>
</html>
